Close Menu

    Subscribe to Updates

    Get the latest Tech news from SynapseFlow

    What's Hot

    8BitDo 64 Bluetooth Controller review: perfect for the retro Nintendo Switch Online game catalog

    July 12, 2026

    I stopped organizing tabs the old way once Zen showed me what browsers could actually do

    July 12, 2026

    I gave my Hisense TV a boost with 3 quick tweaks

    July 12, 2026
    Facebook X (Twitter) Instagram
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    Facebook X (Twitter) Instagram YouTube
    synapseflow.co.uksynapseflow.co.uk
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    synapseflow.co.uksynapseflow.co.uk
    Home»Cybersecurity»‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery Mechanism
    ‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery Mechanism
    Cybersecurity

    ‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery Mechanism

    The Tech GuyBy The Tech GuyJuly 12, 2026No Comments2 Mins Read0 Views
    Share
    Facebook Twitter LinkedIn Pinterest Email
    Advertisement


    Researchers from Tel Aviv University, Technion, and Intuit have detailed a new attack technique dubbed ‘HalluSquatting’ that turns AI assistants’ tendency to hallucinate into a scalable infection vector. 

    Advertisement

    The cybersecurity community has identified several ways to hack or hijack AI tools through prompt injection delivered via channels such as emails, logs, comments, and messaging notifications.

    These promptware attacks leverage the fact that the attacker has a direct channel to the targeted user’s LLM application. 

    HalluSquatting, on the other hand, has been described as a form of untargeted promptware that relies on a technique named adversarial hallucination squatting, in which threat actors can exploit AI applications at scale without a direct channel.

    In a HalluSquatting attack, the attacker pre-registers the fake repository or package names that LLMs commonly invent when asked to fetch popular, trending resources. 

    The research team says hallucination rates in their tests reached as high as 85% for repo-cloning prompts and 100% for skill installations, and that the same hallucinated names tend to recur across different foundation models, making the technique broadly transferable. 

    Advertisement. Scroll to continue reading.

    Once the hallucinated repositories and packages are registered, the attacker can plant malicious instructions inside them. 

    When an unsuspecting user asks an AI tool like Cursor, Windsurf, GitHub Copilot, Cline, Gemini CLI, or OpenClaw to clone a repository or install a skill, the assistant may hallucinate the squatted name, pull it down, and execute the attacker’s commands via its built-in terminal.

    Those commands can direct the AI to run additional tools or code, potentially deploying various types of malware or hacking tools.

    The HalluSquatting research has focused on using the technique to create agentic botnets whose size depends on how often AI tools hallucinate the attacker’s squatted resource.

    Traditional botnets rely on vulnerabilities, weak security practices, and lateral movement. In contrast, agentic botnets spread via prompt injections that bypass traditional firewalls and can take root on virtually any device, resulting in a far more heterogeneous population of compromised hosts than botnets such as Mirai.

    Affected vendors were notified before the publication of the HalluSquatting research, and the researchers withheld exploit details they believe could be directly reused by attackers.

    Related: AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique

    Related: Google Dialogflow CX Bug Allowed Attackers to Hijack AI Conversations

    Related: Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection

    Advertisement
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    The Tech Guy
    • Website

    Related Posts

    Network of 200 GitHub Repositories Used for Malware Infection

    July 12, 2026

    Ghost Accounts Abuse GitHub API in Mass Recon Campaign

    July 11, 2026

    GigaWiper Combines Multiple Malware for System-Level Sabotage

    July 11, 2026

    Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers

    July 11, 2026

    China, India-Linked Hackers Both Targeted Same Pakistani Police Force

    July 11, 2026

    In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops

    July 10, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    You don’t need a NAS to self-host — I proved it with hardware from my closet

    June 7, 2026253 Views

    Spotify is giving one of its best playlists a big visual upgrade to give subscribers ‘a closer connection’ to its New Music Friday curators — and I think it could be the update it’s always needed

    June 12, 2026157 Views

    The iPad Air brand makes no sense – it needs a rethink

    October 12, 202516 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Advertisement
    About Us
    About Us

    SynapseFlow brings you the latest updates in Technology, AI, and Gadgets from innovations and reviews to future trends. Stay smart, stay updated with the tech world every day!

    Our Picks

    8BitDo 64 Bluetooth Controller review: perfect for the retro Nintendo Switch Online game catalog

    July 12, 2026

    I stopped organizing tabs the old way once Zen showed me what browsers could actually do

    July 12, 2026

    I gave my Hisense TV a boost with 3 quick tweaks

    July 12, 2026
    categories
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    Facebook X (Twitter) Instagram Pinterest YouTube Dribbble
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    © 2026 SynapseFlow All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.